Home > Vulnerability Database > CVE-2024-35178

Mend.io Vulnerability Database

CVE-2024-35178

Good to know:

Date: June 6, 2024

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.

Language: Python

Severity Score

7.5

Related Resources (5)

Url: https://github.com/jupyter-server/jupyter_server

Url: https://github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35178

Url: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62

Url: https://www.mend.io/vulnerability-database/CVE-2024-35178

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version jupyter-server - 2.14.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35178

Good to know:

Date: June 6, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?